import { describe, expect, it } from "vitest";
import {
canAccessWorksmobile,
HANMAC_FAMILY_TENANT_ID,
} from "./worksmobileAccess";
// Pins the authorization decision made by canAccessWorksmobile for the
// Worksmobile admin area: which role / managed-tenant combinations are
// granted access and which are denied.
//
// NOTE(review): the cases below do not cover an excluded tenant identified
// by id (only by slug), a manager holding both an excluded and a
// non-excluded hanmac-family tenant, an empty manageableTenants list, or an
// unrecognised role. Consider pinning the expected outcome for each so a
// later refactor cannot silently widen access.
describe("worksmobile access", () => {
  it("allows super admins", () => {
    // The role alone grants access; no tenant data is supplied.
    const granted = canAccessWorksmobile({ role: "super_admin" });
    expect(granted).toBe(true);
  });

  it("allows hanmac-family tenant managers", () => {
    // Managed tenant matched by its id.
    const grantedById = canAccessWorksmobile({
      role: "tenant_admin",
      manageableTenants: [{ id: HANMAC_FAMILY_TENANT_ID }],
    });
    expect(grantedById).toBe(true);

    // Managed tenant matched by its slug.
    // NOTE(review): a slug-based grant presumably relies on slugs being
    // unique and not editable by tenants — confirm against the tenant model.
    const grantedBySlug = canAccessWorksmobile({
      role: "tenant_admin",
      manageableTenants: [{ slug: "hanmac-family" }],
    });
    expect(grantedBySlug).toBe(true);
  });

  it("rejects admins that do not manage hanmac-family", () => {
    // A tenant admin whose only managed tenant is a different company.
    const otherTenantAdmin = canAccessWorksmobile({
      role: "tenant_admin",
      manageableTenants: [{ slug: "other-company" }],
    });
    expect(otherTenantAdmin).toBe(false);

    // Belonging to the hanmac-family tenant is not the same as managing it:
    // a plain user carrying the tenant id and slug is still denied.
    const tenantMember = canAccessWorksmobile({
      role: "user",
      tenantId: HANMAC_FAMILY_TENANT_ID,
      tenantSlug: "hanmac-family",
    });
    expect(tenantMember).toBe(false);

    // A plain user with no tenant information at all.
    const bareUser = canAccessWorksmobile({ role: "user" });
    expect(bareUser).toBe(false);
  });

  it("rejects admins that only manage Worksmobile-excluded hanmac-family tenants", () => {
    // The slug matches, but the tenant is flagged as excluded from
    // Worksmobile, so managing it must not grant access.
    const excludedOnly = canAccessWorksmobile({
      role: "tenant_admin",
      manageableTenants: [
        {
          slug: "hanmac-family",
          config: { worksmobileExcluded: true },
        },
      ],
    });
    expect(excludedOnly).toBe(false);
  });
});